Buffer Over-read Issue in Eclipse OMR Compiler Affecting Z Processor Users
CVE-2025-14549

6.9MEDIUM

Key Information:

Vendor: Eclipse Omr
Status: Eclipse Omr
Vendor: CVE Published:; 15 December 2025

🔔 Create Eclipse Omr Vulnerability Alert

What is CVE-2025-14549?

An issue in the Eclipse OMR compiler since version 0.7.0 may lead to a buffer over-read condition. This occurs when the optimization for Eclipse OpenJ9 users on Z processors mishandles NUL (0x00) characters during the translation from Latin-compatible charsets to IBM-1047/037. As a result, the first NUL byte and any subsequent characters can be improperly discarded in the output byte array. This vulnerability has been addressed in Eclipse OMR version 0.8.0.

Affected Version(s)

Eclipse OMR 0.7.0

References

https://github.com/eclipse-omr/omr/pull/8073

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Dec 11, 2025

JSON